Is this overlay required to have a hardened GCC 4.x setup?
I ask because I am using the hardened/linux/x86/10.0 profile and GCC 4.3.4 is not masked. Can I switch to this (4.3.4 in the regular portage tree) from 3.4.6-r2 and still have all of the same hardened code requirements/benefits? Or must I use the overlay as of yet?
What sparked this is upgrading mysql from 5.0.70-r1 to 5.0.84-r1 throws errors about having a new enough GCC and such, and so I must consider rolling a newer GCC for my servers.

Hi,
The bug is now marked as 'resolved'. Is glibc-2.11 ready for use on hardened profile?

The bug is closed, the ebuild is marked ~ARCH (testing), not stable. So:
If by 'ready for use' you mean 'is it stable and ready for a wide-spread audience' then the answer is no.
If by 'ready for use' you mean 'is it ready for use in a testing environment, understanding that there are potential risks with packages not marked stable' then yes.

Dwokfur to the log:
I had to "paxctl -m" gnome-power-manager and mixer-applet2, otherwise gnome-power-manager and therefore gnome-settings-daemon kept on segfaulting. Apart from these, gst-inspect still requires "paxctl -m" to run on both my server and laptop.

hi.
I have a question not related to gcc, only with the hardened-development layman.

I see there is hardened-sources-2.6.32-r4 in this repo but there is no mention of this kernel in the tuto, so I just wanted to know if this kernel is suitable for use (can we reasonably consider it stable enough, like gcc-4.4, or testing, like gcc-4.5)?

@costel78 I have gcc-4.4.3-r1 on the overlay and my box seems to work fine (except openvpn, but maybe not related to the new compiler)

Thanks for the reply.
I have had the same kernel for a long time (in fact 2.6.28-hardened, the latest stable kernel from the gentoo repo).
I thought there was more than just the grsec with gentoo-sources.

...be sufficient to replace use of stack-protector-all with stack-protector?

Also: aching to try out hardened 4.5. *cough* *cough*

It would be sufficient to do that.
Gcc 4.5 will be in the overlay at a later time. Have a lot of work before even 4.4 can hit the tree.

Can I have a hardened toolchain without having a hardened profile? Is it enough to globally enable the hardened use-flag?

According to what I understood, some hardened C(XX)FLAGS (-fstack-protector, -D_FORTIFY_SOURCE=2, ...) are defined in GCC specs. In the end, which CFLAGS are defined in these specs? Does this mean that every ebuild installed with this GCC will be compiled with these C(XX)FLAGS? Or do I have to add these CFLAGS in my make.conf?
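
One way to see which of these defaults a given compiler applies on its own, with nothing set in make.conf, is to read the macros it predefines. This is an added example, not part of the thread; the function names and the two sample macro dumps are constructed for illustration.

```shell
#!/bin/sh
# Report hardening defaults from a compiler's predefined macros.
# Input format: the "#define NAME VALUE" lines printed by
#   gcc -O2 -dM -E - </dev/null
# (-O2 because _FORTIFY_SOURCE only has an effect when optimizing).

# hardening_defaults: read a macro dump on stdin, print feature=state lines.
hardening_defaults() {
    awk '
        $1 == "#define" { macro[$2] = $3 }
        END {
            # GCC defines exactly one of these per stack-protector mode.
            if ("__SSP_ALL__" in macro)         ssp = "all"
            else if ("__SSP_STRONG__" in macro) ssp = "strong"
            else if ("__SSP__" in macro)        ssp = "default"
            else                                ssp = "off"
            pie = ("__PIE__" in macro) ? "on" : "off"
            fortify = ("_FORTIFY_SOURCE" in macro) ? macro["_FORTIFY_SOURCE"] : "off"
            printf "stack-protector=%s\npie=%s\nfortify=%s\n", ssp, pie, fortify
        }'
}

# check_compiler: run the same report against $CC (default: gcc).
check_compiler() {
    cc=${CC:-gcc}
    command -v "$cc" >/dev/null 2>&1 || { echo "no compiler: $cc" >&2; return 1; }
    "$cc" -O2 -dM -E - </dev/null | hardening_defaults
}

# Constructed sample: a compiler whose specs enable everything by default.
SAMPLE_HARDENED='#define __SSP_ALL__ 2
#define __PIE__ 2
#define __pie__ 2
#define _FORTIFY_SOURCE 2
#define __OPTIMIZE__ 1'

# Constructed sample: a compiler with no hardening defaults.
SAMPLE_VANILLA='#define __OPTIMIZE__ 1
#define __GNUC__ 4'

echo "hardened sample:"
printf '%s\n' "$SAMPLE_HARDENED" | hardening_defaults
echo "vanilla sample:"
printf '%s\n' "$SAMPLE_VANILLA" | hardening_defaults
```

Calling `check_compiler` on a real system reports what the installed compiler does by default; anything shown as "off" there would have to come from CFLAGS instead.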

Message to the log:
I could successfully upgrade sun-jdk from 1.6.0.17 to 1.6.0.19 after I upgraded the kernel version from 2.6.31-hardened-r11 to 2.6.33-hardened. I suspect this issue had something to do with PaX, but I'm not sure. Previously I had problems with 2.6.32-hardened: X crashed instantly. Now 2.6.33-hardened seems to be OK, so I can move on. 2.6.31-hardened-r11 seems to be the culprit factor. The strange thing is that everything was running fine both on the laptop and the server apart from these failures...

The Easter holiday will be an excellent occasion to give openoffice-3.2.0 another spin with the new kernel.